beware of upper and lower case in user_names and community AP ids

rimu 2024-01-29 08:47:36 +13:00
parent 1aff96b52a
commit fec2d24e6d
2 changed files with 9 additions and 10 deletions


@ -183,16 +183,16 @@ def instance_allowed(host: str) -> bool:
def find_actor_or_create(actor: str) -> Union[User, Community, None]: def find_actor_or_create(actor: str) -> Union[User, Community, None]:
actor = actor.strip()
user = None user = None
# actor parameter must be formatted as https://server/u/actor or https://server/c/actor # actor parameter must be formatted as https://server/u/actor or https://server/c/actor
# Initially, check if the user exists in the local DB already # Initially, check if the user exists in the local DB already
if current_app.config['SERVER_NAME'] + '/c/' in actor: if current_app.config['SERVER_NAME'] + '/c/' in actor:
return Community.query.filter_by( return Community.query.filter(Community.ap_profile_id.ilike(actor)).first() # finds communities formatted like https://localhost/c/*
ap_profile_id=actor).first() # finds communities formatted like https://localhost/c/*
if current_app.config['SERVER_NAME'] + '/u/' in actor: if current_app.config['SERVER_NAME'] + '/u/' in actor:
user = User.query.filter_by(user_name=actor.split('/')[-1], ap_id=None, banned=False).first() # finds local users user = User.query.filter(User.user_name.ilike(actor.split('/')[-1])).filter_by(ap_id=None, banned=False).first() # finds local users
if user is None: if user is None:
return None return None
elif actor.startswith('https://'): elif actor.startswith('https://'):
@ -203,12 +203,11 @@ def find_actor_or_create(actor: str) -> Union[User, Community, None]:
else: else:
if instance_blocked(server): if instance_blocked(server):
return None return None
user = User.query.filter_by( user = User.query.filter(User.ap_profile_id.ilike(actor)).first() # finds users formatted like https://kbin.social/u/tables
ap_profile_id=actor).first() # finds users formatted like https://kbin.social/u/tables
if (user and user.banned) or (user and user.deleted) : if (user and user.banned) or (user and user.deleted) :
return None return None
if user is None: if user is None:
user = Community.query.filter_by(ap_profile_id=actor).first() user = Community.query.filter(Community.ap_profile_id.ilike(actor)).first()
if user is not None: if user is not None:
if not user.is_local() and user.ap_fetched_at < utcnow() - timedelta(days=7): if not user.is_local() and user.ap_fetched_at < utcnow() - timedelta(days=7):
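Review bot: The new `ilike(actor)` and `ilike(actor.split('/')[-1])` lookups treat the value as a LIKE pattern, so any `_` or `%` in it acts as a wildcard. Underscores are common in user names, so a lookup for `.../u/some_user` can also match `.../u/someXuser`, and `.first()` then returns whichever row the database yields. The actor string appears to come from federated input, so this can resolve an actor to the wrong User or Community. A case-insensitive equality keeps the intent without pattern matching, e.g. `User.query.filter(func.lower(User.ap_profile_id) == actor.lower()).first()` (assuming sqlalchemy's `func` is importable in this module), or escape the input and pass `escape=` to `ilike`. The same applies to both hunks of this file and to the `ilike` calls in the RegistrationForm validators; find_actor_or_create starts and ends outside the hunks shown.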


@ -25,25 +25,25 @@ class RegistrationForm(FlaskForm):
submit = SubmitField(_l('Register')) submit = SubmitField(_l('Register'))
def validate_real_email(self, email): def validate_real_email(self, email):
user = User.query.filter_by(email=email.data).first() user = User.query.filter(User.email.ilike(email.data.strip())).first()
if user is not None: if user is not None:
raise ValidationError(_l('An account with this email address already exists.')) raise ValidationError(_l('An account with this email address already exists.'))
def validate_user_name(self, user_name): def validate_user_name(self, user_name):
user = User.query.filter_by(user_name=user_name.data, ap_id=None).first() user = User.query.filter(User.user_name.ilike(user_name.data.strip())).filter_by(ap_id=None).first()
if user is not None: if user is not None:
if user.deleted: if user.deleted:
raise ValidationError(_l('This username was used in the past and cannot be reused.')) raise ValidationError(_l('This username was used in the past and cannot be reused.'))
else: else:
raise ValidationError(_l('An account with this user name already exists.')) raise ValidationError(_l('An account with this user name already exists.'))
community = Community.query.filter_by(name=user_name.data).first() community = Community.query.filter(Community.name.ilike(user_name.data.strip())).first()
if community is not None: if community is not None:
raise ValidationError(_l('A community with this name exists so it cannot be used for a user.')) raise ValidationError(_l('A community with this name exists so it cannot be used for a user.'))
def validate_password(self, password): def validate_password(self, password):
if not password.data: if not password.data:
return return
password.data = password.data.strip()
if password.data == 'password' or password.data == '12345678' or password.data == '1234567890': if password.data == 'password' or password.data == '12345678' or password.data == '1234567890':
raise ValidationError(_l('This password is too common.')) raise ValidationError(_l('This password is too common.'))
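Review bot: `validate_user_name` and `validate_real_email` run the uniqueness query on the stripped value but leave `user_name.data` and `email.data` unchanged, whereas `validate_password` writes the stripped value back. If the registration view (not visible here) saves the field data as submitted, a whitespace-padded name would be stored as typed, and a later registration of the unpadded name would not match it. Normalising once before the query, `user_name.data = user_name.data.strip()` (and the same for `email`), keeps the checked and stored values identical. Separately, stripping `password.data` inside the validator changes the secret the user typed, so the login form has to apply the same strip or those users cannot sign in.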